MediaWiki  master
ApiQueryTokens.php
1 <?php
26 use MediaWiki\Api\ApiHookRunner;
27 use MediaWiki\MediaWikiServices;
28
35 class ApiQueryTokens extends ApiQueryBase {
36
37     public function execute() {
38         $params = $this->extractRequestParams();
39         $res = [
40             ApiResult::META_TYPE => 'assoc',
41         ];
42
43         if ( $this->lacksSameOriginSecurity() ) {
44             $this->addWarning( [ 'apiwarn-tokens-origin' ] );
45             return;
46         }
47
48         $user = $this->getUser();
49         $session = $this->getRequest()->getSession();
50         $salts = self::getTokenTypeSalts();
51         foreach ( $params['type'] as $type ) {
52             $res[$type . 'token'] = self::getToken( $user, $session, $salts[$type] )->toString();
53         }
54
55         $this->getResult()->addValue( 'query', $this->getModuleName(), $res );
56     }
57
66     public static function getTokenTypeSalts() {
67         static $salts = null;
68         if ( !$salts ) {
69             $salts = [
70                 'csrf' => '',
71                 'watch' => 'watch',
72                 'patrol' => 'patrol',
73                 'rollback' => 'rollback',
74                 'userrights' => 'userrights',
75                 'login' => [ '', 'login' ],
76                 'createaccount' => [ '', 'createaccount' ],
77             ];
78             $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
79             $hookRunner = new ApiHookRunner( $hookContainer );
80             $hookRunner->onApiQueryTokensRegisterTypes( $salts );
81             ksort( $salts );
82         }
83
84         return $salts;
85     }
86
99     public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
100         if ( is_array( $salt ) ) {
101             $session->persist();
102             return $session->getToken( ...$salt );
103         } else {
104             return $user->getEditTokenObject( $salt, $session->getRequest() );
105         }
106     }
107
108     public function getAllowedParams() {
109         return [
110             'type' => [
111                 ApiBase::PARAM_DFLT => 'csrf',
112                 ApiBase::PARAM_ISMULTI => true,
113                 ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
114             ],
115         ];
116     }
117
118     protected function getExamplesMessages() {
119         return [
120             'action=query&meta=tokens'
121                 => 'apihelp-query+tokens-example-simple',
122             'action=query&meta=tokens&type=watch|patrol'
123                 => 'apihelp-query+tokens-example-types',
124         ];
125     }
126
127     public function isReadMode() {
128         // So login tokens can be fetched on private wikis
129         return false;
130     }
131
132     public function getCacheMode( $params ) {
133         return 'private';
134     }
135
136     public function getHelpUrls() {
137         return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
138     }
139 }
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1301
ApiBase\$hookContainer
HookContainer $hookContainer
Definition: ApiBase.php:58
ApiQueryTokens\getCacheMode
getCacheMode( $params)
Get the cache mode for the data generated by this module.
Definition: ApiQueryTokens.php:132
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:155
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:3673
ApiResult\META_TYPE
const META_TYPE
Key for the 'type' metadata item.
Definition: ApiResult.php:110
ApiBase\PARAM_TYPE
const PARAM_TYPE
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:71
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:565
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiQueryTokens.php:37
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiQueryTokens.php:108
ContextSource\getRequest
getRequest()
Definition: ContextSource.php:76
ContextSource\getUser
getUser()
Stable to override.
Definition: ContextSource.php:131
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition: ApiHookRunner.php:58
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:493
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition: ApiQueryTokens.php:35
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights. Stable to override.
Definition: ApiQueryTokens.php:127
ApiQueryBase
This is a base class for all Query modules.
Definition: ApiQueryBase.php:37
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:66
ApiBase\$hookRunner
ApiHookRunner $hookRunner
Definition: ApiBase.php:61
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiQueryTokens.php:136
MediaWiki
A helper class for throttling authentication attempts.
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:717
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiQueryTokens.php:118
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:99
ApiBase\PARAM_DFLT
const PARAM_DFLT
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:69
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:444
ApiBase\PARAM_ISMULTI
const PARAM_ISMULTI
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:70
MediaWiki\Api\ApiHookRunner\onApiQueryTokensRegisterTypes
onApiQueryTokensRegisterTypes(&$salts)
Use this hook to add additional token types to action=query&meta=tokens.
Definition: ApiHookRunner.php:254
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:55